Vulnerability CVE-2002-1601


Published: 2002-02-09   Modified: 2012-02-12

Description:
The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe directory to the CLASSPATH environment variable, which allows applets to run with higher privileges and remote attackers to gain privileges via an HTML e-mail message or a web page.

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.1/10
6.4/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Adobe -> Photodeluxe 

 References:
http://www.kb.cert.org/vuls/id/116875
http://www.kb.cert.org/vuls/id/AAMN-56LQ2J
http://www.securityfocus.com/bid/4106
https://exchange.xforce.ibmcloud.com/vulnerabilities/8210

Copyright 2021, cxsecurity.com

 

Back to Top